There are numerous governmental or quasi-governmental agencies that are tasked with ensuring that operators that perform various tasks (companies) comply with international treaties. In an example, the International Atomic Energy Agency (IAEA) is tasked with monitoring uranium processing operations performed by companies in different countries. Accordingly, such governmental or quasi-governmental agencies desirably monitor signals output by sensors that sense operating conditions corresponding to a particular process.
Conventionally, the aforementioned agencies utilize custom equipment to monitor operating parameters of a process. Therefore, for example; such an agency can be provided with access to a particular process site and generate a customized configuration to obtain data from sensors that output signals pertaining to a desirably monitored parameter. Such customized systems include sensors, wiring that runs through a tamper-indicating conduit, a data collection system that is enclosed in a tamper-indicating enclosure, etc. For each sensor, the data collection system typically receives signals output by a sensor, authenticates such signals, signs the signals utilizing a cryptographic algorithm, and causes the combination of the signal from the sensor and the cryptographic signature to be retained in a data repository and/or passed on to another portion of the agency's network.
Oftentimes the company that is performing the process is monitoring at least some of the same parameters that are desirably monitored by the governmental or quasi-governmental agency. The agencies have chosen to utilize these customized systems to reduce the possibility that the operator (company) will attempt to modify sensor data in an attempt to obfuscate the violation of a treaty. From the perspective of the operator, heretofore there has been little reason to authenticate sensor data. In other words, since the operator owns and monitors the facility in which operations are taking place, and further as the operator and owns and monitors the data collection system, the operator heretofore has had little reason to authenticate sensor data.
It can be ascertained that the utilization of customized authentication equipment is costly, and as facilities become increasingly large and complex, can become very difficult to configure. Therefore, there is a cost and time savings incentive from the perspective of the agencies to utilize the equipment of the operator when monitoring operating parameters. This, however, would require the agency to trust the operations configuration put in place by the operator. Furthermore, while in the recent past the operator may have been unconcerned with sensor data authentication, computer viruses have been developed that are configured to attack and modify the operation of industrial automation equipment in general, and programmable logic controllers in particular. Specifically, the Stuxnet virus is a multi-layered virus that is configured to modify behavior of certain programmable logic controllers. Due to such virus and other similar threats, operators are no longer able to inherently trust the actions of programmable logic controllers in their facilities.